The authentication provider Stytch is releasing new features in its Device Fingerprinting offering aimed at making it easier for companies to detect bots and fraud.
Stytch Device Fingerprinting creates unique and persistent fingerprints for each visitor by analyzing subsignals of device hardware, network TLS profile, and active browser markers. It is also invisible to users, unlike other methods like reCAPTCHA or WAFs, and has 99.99% accuracy, according to Stytch.
It now includes intelligent rate limiting that detects unusual traffic volumes and applies limits accordingly. It determines when to limit rates based on device, user, and traffic signals so that it doesn’t restrict legitimate users. According to Stytch, it can also adapt to new attacker profiles in real time.
Device Fingerprinting is also being enhanced with machine learning to detect and assess the risk of new device types. For instance, when a new browser is detected that is identifying itself as Chrome, Stytch will compare it to every historical Chrome version released to determine if it actually is what it says it is. Then, the fingerprinting model is updated using the verdict.
And finally, the solution is being updated with a new security rules engine that enables customers to configure Allow, Challenge, or Block verdicts so that they can more easily handle exceptions. Customizations can be made using the UI or via code.
“As we define and shape the next generation of authentication and identity management, our Device Fingerprinting solution exemplifies what this should be about,” said Reed McGinley-Stempel, CEO and co-founder of Stytch. “It’s about establishing a more holistic understanding of user identity and providing developers with core infrastructure to make authentication feel like it’s a native part of the application.”